CVE-2016-20092

NetDrive 2.6.12 Unquoted Service Path Elevation of Privilege

CVSS 8.5 HIGHEPSS 0.1%CWE-428

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or system reboot, resulting in privilege escalation.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Netdrive · NetDrive

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/40422no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.exploit-db.com/exploits/40422 https://www.vulncheck.com/advisories/netdrive-unquoted-service-path-elevation-of-privilege http://www.netdrive.net/http://www.netdrive.net/download